Rewterz Security Research Group Advisory ======================================================== I. Overview ======================================================== A Cross-Site Scripting (XSS) vulnerability has been identified in TEMENOS T24 Core Banking Solution System. This vulnerability allows an attacker to gain control over valid user accounts, perform operations on their behalf, redirect them to malicious sites, steal their credentials, and more. ======================================================== II. Severity ======================================================== Rating: High Remote: Yes ======================================================== III. Vendor's Description of Application ======================================================== TEMENOS T24 is the most technically advanced banking system available today. It pairs the most comprehensive and most powerfully flexible business functionality with the most advanced and scalable architecture. This gives it unprecedented power and opportunity to meet the challenges of today and the opportunities of tomorrow. T24 is built on open architecture, offers low cost of ownership and uses established standards such as HTTP, XML and J2EE. The design of T24 offers multiple application server support offering horizontal scalability and supporting huge numbers of users with true non-stop resilience. http://www.temenos.com/en/t24/ ======================================================== IV. Vulnerability Details ======================================================== Input passed via the following GET parameters: * windowName * user * skin * routineName * routineArgs * compScreen * compId on following pages: * /jsps/genrequest.jsp * /jsps/enqrequest.jsp are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected web application. ======================================================== V. Exploit ======================================================== Sample exploitation of this vulnerability would be crafting the following request: GET /jsps/genrequest.jsp?&routineName=OS.NEW.USER& routineArgs=BANNER"/> HTTP/1.1 ======================================================== VI. Affected Systems ======================================================== TEMENOS T24 (Core Banking) version 7 Note: Other versions may also be affected. ======================================================== VII. Vendor Response/Solution ======================================================== No vendor response. ======================================================== VIII. Credits ======================================================== Discovered by Rehan Ahmed, Rewterz. ======================================================== XI. About Rewterz ======================================================== Rewterz is a boutique Information Security company, committed to consistently providing world class professional security services. Our strategy revolves around the need to provide round-the-clock quality information security services and solutions to our customers. We maintain this standard through our highly skilled and professional team, and custom-designed, customer-centric services and products. http://www.rewterz.com/